WebDAV restrict access

Currently reading
WebDAV restrict access

148
24
NAS
DS918+, DS916+, DS214+, DS211j
Hi!

Basically the WebDAV server runs properly on my DSM 7 machine with Directory Server authentification.
I can access shares when using my domain user accessing the DS.

Up to now I didn't realize that when my user accesses the DS using WebDAV, it can browse all of the available shares. My user does not have domain admin credentials, though.

So question is, can I restrict my user to have access to only a single share for security reasons? Or can I restrict the WebDAV server to have access only to one of those available shares?
 
148
24
NAS
DS918+, DS916+, DS214+, DS211j
Yes, of course you are correct!

Issue is that my domain user is member of several AD groups that allow access to almost all available shares on NAS.
This is desired and necessary for daily work and for mapping shares to drive letters when working in intranet.

The very same user is authenticating from external using WebDAV using the same credentials as on intranet. Hence my user gets access to all shares again. This may be correct, in my case, however it's not.

So I would like to give the WebDAV server access just for a single share with the purpose when a user access the NAS from external, he can see only one of those shares.
 

fredbert

Moderator
NAS Support
Subscriber
3,799
1,505
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Hmm. Allow WebDAV from only internal IPs for the AD account then provide a second account that has only limited access to shares?
 

fredbert

Moderator
NAS Support
Subscriber
3,799
1,505
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Alternatively don't run WebDAV on the main device but on another/vDSM and setup shares (Folder Sync?) so that they access only what you want.

Or deep dive into DSM and see if there's a config file to stop WebDAV Server permitting access to all shares. This is a guess and I've never looked into doing it.
 

jeyare

Subscriber
2,439
813
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
Last edited:
this behaviour of strange account control for WebDav is confirmed on my side also. I stopped using it last year.
Not first time is seen from Syno. This year, the situation happened to me in Drive as well.
-- post merged: --

I found out just by accidentally because an external co-worker showed me that he could see the whole team folder, which he should not have seen at all. Even that condition persisted after I disabled his account (DSM) + even after we deleted the entire directory tree (synced Drive TF) on his Macbook. The directory always miraculously appeared to him. I know that miracles last for 2000 years, but this was beyond my ideas. To date, I have not received a response from Syno Support (~6 months).
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Dear All, Since DSM 7 or 7.0.1 (?) WebDav (HTTPS) is not working properly. I can't connect to another...
Replies
0
Views
706
I would expect its a standalone service because it runs on it's own port and cannot be shared (ofcourse a...
Replies
1
Views
1,625

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top